User profiles in asp.net

Question

I have an asp.net project and I am trying to develop the user profile part, so that users can log in with their own profile (profile containing admin and users).

Is it okay to set a cookie on users computer, when the user is logged in and then let the user browse in site? I mean after after I check user name and password, by checking this cookie on every page I let the user browse the page or redirect to the login page.

Is this way okay?
Is this safe to use?
Is there any better approach for this?

Answer 1

You can use SqlProfileProvider. Adding profile properties can be done by adding some code to your web.confing (inside system.web section, database for sqlprofile structure must be present):

<profile defaultProvider="SqlProvider">
  <providers>
    <clear/>
    <add name="SqlProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ASPNETDB" applicationName="MyApplication" description="SqlProfileProvider"/>
  </providers>
  <properties>
    <add name="LanguageId" allowAnonymous="false" type="System.Int32"/>
    <add name="Company" allowAnonymous="false" type="System.String"/>
  </properties>
</profile>

In this example I have added two profile properties languageId nad Company. You can access this properties using following code:

ProfileBase profile = ProfileBase.Create("SomeUserName");
string company = (string)profile["Company"];

For additional info about SqlProfileProvider visit following link:

http://msdn.microsoft.com/en-us/library/system.web.profile.sqlprofileprovider.aspx

Answer 2

I have written a couple of how-to answers about creating profiles from scratch:

• For Web Sites (where the profile object is automatically generated for you based on Web.config settings).

  • How to persist anon user selection (ex: theme selection)

• For Web Applications (like MVC, where you need to specify the class inheriting ProfileBase)

  • accessing profile.newproperty in MVC web applications